Predator drones use less encryption than your TV, DVDs

Militants have been recording video from US Predator drones in Iraq and …

What three-letter Internet acronym best fits the bizarre news out of Iraq and Afghanistan that militants there have been intercepting US Predator drone video feeds using laptops and a $30 piece of Russian software: LOL, WTF, or OMG?

Actually, all three are appropriate for something this farcical, horrible, and brain-numbing. The reason that the transmissions could be picked up easily by a cheap satellite recording program? They were broadcast in the clear between the drone and ground control. That's right—no encryption was used.

Perhaps, you might be thinking to yourself in a mental bid to make the military seem competent here, no one could have suspected this would happen. But they did suspect it, because it had been happening for a decade already. The Wall Street Journal, which broke the story, included this tidbit in its report: "The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The US government has known about the flaw since the US campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said."

After finding various laptops containing hours of recorded drone footage, the military has at last moved to encrypt the downlink between the drone and ground control, but there are problems. Not with encryption technology, which is robust, but with the fact the military 1) did not use encryption at the beginning and retrofitting is hard, and 2) the Predator's maker uses some proprietary communications gear, so off-the-shelf encryption tools don't all work.

The sad but inevitable comparison has to be drawn here with consumer electronics. Blu-ray discs, which use the AACS control scheme, feature a new DRM scheme of bewildering complexity in an attempt to thwart pirates.

Encryption, Hollywood style

Operating system vendors have built entire "protected path" setups to guard audio and video all the way through the device chain. TVs and monitors now routinely use HDCP copy protection to secure their links over HDMI cables. Game consoles are packed with encryption schemes to prevent copied games from playing. Microsoft even goes out of its way to add encryption when Windows Media Center records unencrypted over-the-air TV content. Even the humble DVD, with its long-since-breached CSS encryption, offers more in the way of encryption.

But US drones, which spy on militants and rain down death from a distance, have none. The mind boggles, as it seems like the situation should be totally reversed: no encryption on legally-purchased content, more encryption on devices designed to watch and kill human beings.

The US government has known about the flaw since the US campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said."

yes, it's always smart to assume that your enemy is coward, stupid and/or weak. After all, preparing for the worst In a war is just waste of time, right?

Originally posted by Lord Thistle:At least we can hope that the lack of encryption saved some human lives...

Indeed. It would be such a tragedy should a few terrorists live another day. granted its ok if a few Americans or British or French get bombed, stabbed, beheaded or what have you but we need to protect those terrorists!

Simple solution: Let the MPAA take over the drone's video capabilities. Then when the militants attempt to use the signal, a shit-storm of lawyers will tie them up in court until they lose the will to militate.

The mind boggles, as it seems like the situation should be totally reversed: no encryption on legally-purchased content, more encryption on devices designed to watch and kill human beings.

Don't take this as an excuse for the military's stumble, as they were absolutely negligent about updating to match the times, but what follows is at least an explination.

To begin with, battlefield bandwidth has always been at the verge of saturation, and while communication systems are opening larger pipes the military is increasing the amount of information they push at just as great a speed. Many drone models offer 10 seperate realtime video feeds, PER DRONE. Embedded in combat groups are a multitude of video and surveillance gear similarly transmitting multiple realtime video feeds, as well as the location and status of each group (and in the case of certain operations, every individual soldier as well as their vitals). Couple that with voice communication, map updates, etc, and there is a whole hell of a lot of information being transmitted wirelessly and every byte that can be saved counts. Encryption increases overhead and unless it can be offset with more efficient codecs or other solutions that overhead can actually be too great. Using encryption is by no means a brainlessly obvious choice. It has serious tradeoffs that must be engineered around - that said, it is also very much required and they have been negligent not engineering around those tradeoffs.

On top of that, the drones are the result of 90's engineering when softradios where unheard of and the actual hardware to do battlefield intercepts was large and very expensive. The same assumptions were made for wireless keyfobbs for cars in the 90s - rotating codes weren't necessary because it would take 10s of thousands of dollars to intercept the code and unlock a car by a malicious party. Now with less than a $1000 in computer, radio, and software wireless transmissions on a broad range of spectrums are now easy to snoop upon. The military's initial assumptions were not out of line, but they have similarly shown negligence in not updating their assumptions given current conditions.

The outrage is amusing. The .mil knew about this from the design stage, and didn't rectify it because it didn't care, because it almost never impacts operational security or capability, and so was a low priority on the list of things to improve, vs. say better sensors or an increased payload.

I seem to recall reading about this several years ago. My memory is fuzzy, but it basically had to do with the military using up all its available bandwidth on its own satellites (which did have encrypted downlinks) with the tons of new drones that were being added. To make up the difference they had to basically rent space on other commercial broadcast satellites, and this was the footage that was not encrypted. I'm really surprised though that they haven't added encryption to those yet.

I see a few folks pointing out that the drone was developed in the 90's. The military has been encrypting voice and data communications for decades. Nothing short of negligence explains why these video streams were not encrypted.

I smell a change order to their contract and another few billion to the military industrial complex. Who knew that the Internet would allow people to collaborate and share ideas and software including wifi hacking tools? Maybe we can create a new TV show and have HD TV live from Iraq the "Drone Channel", full HD real time coming to a city near you.

Indeed - AT&T can't build enough infrastructure in a friendly territory, where the only real limitations are cash and build out times, to handle the load of iPhones. In a warzone communication infrastructure build out has huge challenges and limitations and the amount of realtime data may be coming from fewer total devices but is quite a bit larger on a per device basis. The challenge is quite a bit greater.

In that scenario people need to understand in their "well duh" posts that the bandwidth overhead of encryption is not free in any sense. that isn't an excuse to forgo it, but cost/benefit analysis of competing interests in that bandwidth have to be considered. Do we want encryption on our drones, or to know where our soldiers are? You can't necessarily do both. Which has the bigger risk?

What bandwidth overhead to encryption? There is CPU overhead to do the encryption but very little bandwidth overhead to do a key exchange. As to third party satalittes, who cares, the uplink to them should be encrypted and just sent back down to the ground.

HonestlY if only the Video is Open and the Command Control is Encrypted I do not see the huge issue. These wer not targeted at highly sophisticated enemies they still need to intercept the signal and warn their brothers on the ground etc. I suppose until a suspicious number of terrorists would have shown that they are warned by hiding or whatever why bother to change a costly setup ?

Originally posted by jslacker:I seem to recall reading about this several years ago. My memory is fuzzy, but it basically had to do with the military using up all its available bandwidth on its own satellites (which did have encrypted downlinks) with the tons of new drones that were being added. To make up the difference they had to basically rent space on other commercial broadcast satellites, and this was the footage that was not encrypted. I'm really surprised though that they haven't added encryption to those yet.

The thing is most broadcast feeds are encrypted and have been for as long as the Predator program existed. Videocipher followed by Digicipher and then later newer ciphers are embedded and the newest ones are quite difficult to break though not impossible. Any of these would have added trivial overhead to the data stream and would have made it a hell of alot harder to hack. It would require anything that accesses the feed to be authorized but that's not difficult and you can easily go in and de-authorize a device later.

It's worth noting that there's rarely any cause to point your surveillance cameras at your own troops; you almost always point them at the other side. So if your opponent intercepts your video, they're only seeing pictures of themselves. This may well alert them to the fact that they're being watched (kind of like a battlefield fuzz buster), but it's much less damaging than giving away your own positions.

It is just the video stream, which is separate from the control/com stream. So, IF the GPS data, attitude and altitude data are not embedded in the video stream the interceptor only sees what the drone sees. There could be useful visual clues that would help the Terrorists avoid and evade the strike but beyond that it is difficult to gauge the magnitude of the impact of this snooping beyond 'I know that you know that you see me.'

Originally posted by spadefinger:I see a few folks pointing out that the drone was developed in the 90's. The military has been encrypting voice and data communications for decades. Nothing short of negligence explains why these video streams were not encrypted.

Yeah being developed in the 90's is not even the start of an excuse, as pointed out many times already. Cryptography is not a "new" field. Remember the Enigma devices from the 1920's? I'm sure everyone's seen one or several of the movies it stars in.

Of course, for this "exploit" to be usable by anyone, you first have to have the correct software/hardware. Both very easy to get since you only need $30 bucks and a cheap laptop. Then you need to be in the right place at the right time to get a signal. A little harder but still doable, maybe. Finally, you have to be able to know WTF you are looking at, which very few people know how to do. So, someone who has hacked the feed will get to see what one drone is doing, out of several that are flying in any given area.

Can/should the military fix this? Yes, of course it should but you get more OpSec violations on a typical military forum that you would from this. Out of everything to worry about in the military or in a war zone i would rate this pretty low.

This also has to do with the "pet project" nature of the predator program. Namely being that its so high profile that it gets its own com packages and support crew so it bypasses the typical ICE communications packages the comptrollers deploy for base and field operations.

First I'd like to say that I agree that not encrypting the video isn't that big a deal in this case. However I'd like to state that bandwidth is probably not the limiting factor and is a por excuse. In cases like this you don't need a super complex encryption system. The data is not sensitive enough to rate it. A simple xor pad (determined before launching the drone) means there is no key exchange, and the data bandwidth is exactly the same as the raw video feed. Who cares if the enemy can decrypt the video a couple hours later(though I doubt they could do it that fast even with an xor pad). Use a new xor pad per drone per flight. Or even have multiple set per flight and switch every 10 minutes or so. Bingo, simple short term security on your video with no bandwidth cost and very little cpu cost on the drone.